LinuxQuestions.org


venki 07-02-2007 01:30 AM

capture the traffic going from any port
 
Hi all,
I want to capture the traffic that is going from any port!
Say MSN; the MSN port is 1863.
When I am chatting with my friend, all the data should be captured and logged to a file that should be readable.
Please help me if there are any tools supporting this.
I worked with ethereal but it is not showing any data.

Thanks in advance

acid_kewpie 07-02-2007 01:59 AM

you can capture traffic with wireshark (ethereal) or tcpdump, but being readable is very subjective... what do you want to read about it?? if ethereal didn't show *anything* then you're just not using it correctly... it's still the right tool for the job.

venki 07-02-2007 02:11 AM

Thanks sir,
I have started ethereal, and packets are being captured! But when I started chatting with my friend, the chat logs are not visible to me!
I want to see the chat logs in ethereal! Please help.

acid_kewpie 07-02-2007 03:45 AM

wireshark seems fine at decoding msn with the msnms decoder. check the wiki for a sample to compare to: http://wiki.wireshark.org/MSNMS

venki 07-02-2007 04:03 AM

Yes sir, it is showing MSNMS perfectly:
1094 35.655662 207.46.27.38 192.168.1.39 MSNMS MSG nagesh.venkat@hotmail.com Venkat 53
This is the information I am getting!
How can I see the data that Venkat has transferred through MSN?

siyisoy 07-02-2007 04:58 AM

If you need an msn sniffer you can use scanhill

venki 07-02-2007 06:31 AM

/usr/lib64/gcc/x86_64-suse-linux/4.1.2/../../../../x86_64-suse-linux/bin/ld: cannot find -liconv
is the error I am getting!
I tried a lot of forums, still no use!
Please help me.

acid_kewpie 07-02-2007 06:46 AM

just read the data payload, it's all shown there for you...

venki 07-02-2007 07:10 AM

where will we find this data payload?

Gigantic 07-02-2007 07:10 AM

uhmm
 
So, this is a girl's IM that you want to spy on, or there's no specific target yet?

acid_kewpie 07-02-2007 07:24 AM

just expand the high level protocol data on the packet tree (normally the bottom entry in the middle pane of wireshark), you'll see a fairly standard HTTP-u-like data header, and after "\r\n" the next line should be the text in the message itself. there isn't always text in each message though, there's plenty of control data to wade through as well.

venki 07-02-2007 07:44 AM

I am very thankful, sir, that you are replying to my doubts.
I found MSN Messenger Service,
and in that:
MSG pradeep.malineni@hotmail.com MALINENI 101\r\nMSG
MIME-Version: 1.0\r\n
Content-Type: text/x-msmsgscontrol\r\n
TypingUser: pradeep.malineni@hotmail.com\r\n
\r\n
\r\n

That's it! I didn't find the data he wrote to me.
Sorry for troubling you.

venki 07-03-2007 12:55 AM

Is there a way to find the data...??
can we debug it!!

acid_kewpie 07-03-2007 02:14 AM

i already told you not all the packets have actual text in them. i assume that's just one of those "user bob is typing a message" things. just look for longer packets.
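
Added example, not part of the thread or any poster's code: the layout described in the replies above (a `MSG` command line with a length, a header block, a blank line, then the message text) parsed in Python from a reassembled byte stream, showing why a typing notification yields no text. The function names, addresses and sample bytes are constructed for illustration, and only `MSG` commands are handled.

```python
"""Frame and classify MSN MSG commands from a reassembled byte stream."""

def frame(sender: str, nick: str, payload: bytes) -> bytes:
    # Length field = payload byte count (headers + blank line + body).
    return f"MSG {sender} {nick} {len(payload)}\r\n".encode() + payload

def parse_stream(data: bytes) -> list:
    """Return one dict per complete MSG; stop at a truncated one."""
    out, pos = [], 0
    while pos < len(data):
        eol = data.find(b"\r\n", pos)
        if eol == -1:
            break                                  # command line not complete yet
        parts = data[pos:eol].split(b" ")
        pos = eol + 2
        if len(parts) != 4 or parts[0] != b"MSG" or not parts[3].isdigit():
            continue                               # not a MSG command line: skip it
        length = int(parts[3])
        payload = data[pos:pos + length]
        if len(payload) < length:
            break                                  # rest arrives in a later segment
        pos += length
        head, _, body = payload.partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n"):
            key, sep, value = line.partition(b":")
            if sep:
                headers[key.strip().lower().decode()] = value.strip().decode()
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        out.append({"from": parts[1].decode(), "type": ctype,
                    "is_text": ctype == "text/plain",
                    "body": body.decode("utf-8", "replace")})
    return out

# Constructed sample data (addresses and text are made up).
TYPING = (b"MIME-Version: 1.0\r\nContent-Type: text/x-msmsgscontrol\r\n"
          b"TypingUser: alice@example.com\r\n\r\n\r\n")
TEXT = (b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n"
        b"\r\nline one\r\nline two")
SAMPLE = (frame("alice@example.com", "Alice", TYPING)
          + frame("alice@example.com", "Alice", TEXT)
          + frame("alice@example.com", "Alice", TEXT)[:-4])   # cut mid-payload

if __name__ == "__main__":
    for m in parse_stream(SAMPLE):
        print(m["from"], m["type"], repr(m["body"]) if m["is_text"] else "(control)")
```

Framing by the declared length rather than by line breaks keeps a multi-line message body intact and leaves a payload that spans TCP segments unparsed until the rest arrives.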

venki 07-04-2007 02:33 AM

acid_kewpie thanks a lot! I am able to view the data, but using ethereal (alias wireshark), can we save the data to any file?
It is saving all the contents; I want just the data to be copied into a file.


All times are GMT -5.